In a paste describing their activities, they write that they stole “personal records belonging to hundreds of customers who have recently applied for a car loan. Those records include the full financial history, employment details and personal data of the applicants” for car loans at Finalease Car Credit.” They offer several customer records as proof of hack.

From Thomas Cook Belgium, they allege they “stole records related to this network of travel agencies’ business partners, namely their affiliates and affiliated agencies. We will release the entire data in our possession at a later date. In the meantime, here are the contents of the company’s affiliates listing…”

For Mensura, they provided a sample of absenteeism-related requests allegedly received by the organization.

DataBreaches.net is not linking to the paste nor the data dump because of the exposed consumer personal information. This site e-mailed Finalease and Mensura last night to seek confirmation or denial of the claimed hacks, but has gotten no response. No attempt was made to contact Thomas Cook Belgium for lack of a contact e-mail for these purposes.

As a reminder, Domino’s did contact all customers about the breach Rex Mundi claimed in June, so it’s tempting to believe the new claims, but at this point, these are just claims without confirmation. Unlike previous claimed hacks, however, there doesn’t seem to be any extortion demand involved, and the group’s paste makes no mention of anything the firms can do to avoid having their data dumped. (see CORRECTION below)

CORRECTION AND UPDATE (11/16/14): A tweet by Rex Mundi suggests that they did attempt to extort money from Mensura before they dumped some of the data:

@mailforlen Also, regarding Mensura, they initially wanted to pay but their lawyers advised them not to. Bad advice, if you ask us.

Update 2: A Belgian site reporting on the hack, reports, “De Federal Computer Crime Unit van de federale politie, die zich over de zaken buigt, raadt gehackte ondernemers af om met geld over de brug te komen,” which I’m told means that the Federal Computer Crime Unit is advising the businesses to pay the ransom (extortion). Amazing, if that’s true. Another site says that FFCU discourages paying ransom. Note: a commenter points out that the translation I was given for the first source was incorrect, and that as I suspected, the FCCU was advising companies NOT to pay.

Interested in Sponsoring Content?

This site does NOT accept sponsored posts or articles. If you ignore this and send me inquiries about how your high-level article on cottage cheese would be a wonderful addition to this site, I will ignore your inquiries.